This Security Policy is a model, consisting of many possible processing of personal data. It can be expanded or its scope limited, depending on the nature of the business and the adopted image strategy.
Individual processing activities have been described in an example manner, taking into account the most common purposes, scopes and methods of personal data processing.
AP Polska Kiecoń Sp. z o.o. Sp. k. treats personal data protection as one of the most important aspects of its business activity. Due to the constantly growing number of our clients, we feel particularly responsible for the security of personal data processed by us. Our goal is to provide current and proper information on matters related to operations performed by us on personal data.
Personal data and their processing - definitions
Personal data means information about an identified or identifiable natural person. Therefore, personal data will be such data that allows us to determine the identity of a specific person, as well as those that do not allow for immediate identification, but are, at a certain cost, time and effort, especially using readily available and commonly used sources available, sufficient to determine it. Therefore, personal data is not individual information with a high degree of generality, e.g. name, country of residence, amount of remuneration. However, this information will constitute personal data when it is combined with other additional information, which in consequence can be referred to a specific person (e.g. name and surname, PESEL number, etc. ).
However, the term personal data processing covers virtually all possible activities performed on personal data, regardless of whether they are performed in an automated manner or not. Therefore, the processing of personal data will include collecting, storing, recording, organizing, modifying, browsing, using, sharing, limiting, deleting or destroying data.
Who is the administrator of your data
How we care about the security of your data
In connection with our business activities, we collect and process your personal data always in accordance with applicable law, including in particular the GDPR, and the principles of data processing contained therein. We provide transparency in the processing of your personal data, in particular by informing you about the processing of data at the time of collection, including the purpose and legal basis for processing (e.g. when concluding a contract for the sale of goods or services). We also emphasize that data should be collected only to the extent necessary to achieve the indicated purpose and processed only for the period in which it is necessary. Access to your data is available only to persons authorized by us and only to the extent necessary due to the tasks they perform. In addition, we have implemented appropriate technical and organizational measures to ensure the security and confidentiality of your data. However, if, despite our security measures, there has been a breach of the protection of your personal data (e.g. 'data leakage' or loss), we will inform the relevant authorities and you in a manner consistent with the law.
On what basis do we process your data
The most common basis for us to process your personal data is the premise for the performance of the contract or the actions you take before entering into the contract. In other words, we process your data to the necessary extent due to the fact that, e.g. you purchased or ordered the goods or services we offer, you have an employment contract with us, or we have a different type of commercial contract (or you intend to do so with us) included).
We occasionally process your personal data due to the fact that it is required by applicable law. For example, the data contained in sales documents (e.g. VAT invoice) are processed by us due to the fact that the law requires documentation of sales in a specific way, indicates the scope of data that must be on this type of document and specifies the time by which data we are obliged to store.
There may also be situations in which we process or process your personal data on the basis of your consent. Remember that we will always ask you for such consent explicitly. Such a request for consent will be presented in a way that makes it possible to distinguish it from other issues in a clear and easily accessible form in clear and simple language. The last premise we use to process your personal data is the so-called legitimate interest of the administrator, i.e. ours. The word "legally" does not mean that this interest must be based on applicable law. Such interest may be, e.g., video monitoring or contact form on the website. Remember that whenever we intend to process your personal data based on our legitimate interest, we try to analyze and balance our interest and the potential impact of processing activities on your person (positive and negative), and process personal data only, and only in a situation in which which overriding our interests will not have your interests or fundamental rights and your freedoms.
For what purpose and under what circumstances we share your data
As a rule, we do not disclose your personal data to any third parties that could use the data for their own purposes - without your explicit consent. The exception to the above rule is sharing some of your personal data with authorized (i) State authorities (including offices), operating on the basis of and within the framework of applicable law, (ii) banks that receive data related to financial transactions from us, and (iii) postal operators and courier companies - in connection with, for example, sending correspondence. We share your personal data with third parties that provide specific services for us. Among such service providers, we can in particular distinguish: technical operators, including IT companies, who manage and service technical and IT infrastructure for us , entities that provide consultancy services to us, including accounting offices and law firms, and third parties cooperating with us on performing specific contracts concluded with you. However, we would like to assure you that these service providers have been properly selected by us and obliged, pursuant to relevant contracts, to use the data entrusted to them only in accordance with our guidelines and for the purpose strictly defined by us. The level of protection of Personal Data outside the European Economic Area differs significantly from that provided by European law. For this reason, we will transfer your data outside the EEA only when it is necessary and ensuring an adequate level of protection, primarily through (i) cooperation with entities processing personal data in countries for which the relevant European Commission decision was issued regarding ensuring an adequate level of protection of Personal Data, (ii) applying standard contractual clauses issued by the European Commission, (iii) applying binding corporate rules approved by the competent supervisory authority, (iv) in the event of transferring data to the USA - cooperation with entities participating in the Privacy Shield program approved by the decision of the European Commission.
What rights do you have in relation to our processing of your data
We make every effort to exercise your rights under the GDPR, i.e.
- the right to withdraw consent
- rights of access to personal data
- the right to rectify data
- right to delete data
- right to restriction of processing
- data transfer rights
- right to object
- the right not to be subject to decisions based solely on automated processing
The right to withdraw consent
You have the right to withdraw any consent you have given us to process your personal data. Withdrawal of consent has the effect from the moment of withdrawal of consent, i.e. that it does not affect the processing carried out by us in accordance with the law before its withdrawal. Withdrawal of consent should not have any consequences, however, it may prevent you from continuing to use the services that we provided based on the consent given.
Right of access to data
You have the right to obtain confirmation from us whether we process your personal data and, if this is the case, you have the right to:
obtain information about the purposes of processing, categories of personal data processed, recipients or categories of recipients of such data, the planned period of storage of your data or the criteria for determining this period, about your rights under the GDPR and about the right to lodge a complaint to the supervisory authority, about the source of this data, about automated decision making, including profiling, and about the safeguards used in connection with the transfer of these data outside the European Union;
get access to your personal data. Access added should be understood as e.g. obtaining a copy of all your personal data processed by us.
The right to rectify data
You have the right to rectify and supplement your personal data. In addition, we would like to inform you that we will try to remove any possible incompatibilities or errors in your personal data processed by us and supplement them if they prove to be incomplete.
The right to delete data ("right to be forgotten")
You have the right to request that we delete all or some of your personal data, and we are obliged to delete them in the situation where one of the following circumstances occurs:
your personal data ceased to be necessary for the purpose for which it was collected or processed .
Such a purpose is, among others, storing data for a period in which you can submit a claim to us, or for a period in which there is an obligation arising directly from the law regarding the storage of your data related to cash register receipts, i.e. with invoices, orders and other similar documents. As a rule, we process your personal data for a period of 6 years from the moment they are obtained. Only after this period may the data be removed by us or at your request. If you think that the purpose of processing your data has ceased to exist, you can request their removal. You withdrew your previously granted consent to the extent that personal data was processed based on this consent. In most cases, we process your personal data due to the contract between us. However, if it happens that we will process your data on the basis of your consent, then after its withdrawal you will also be able to request the deletion of the data that you provided when giving it. You objected to the use of your personal data for marketing purposes. You can object to this at any time. More on this with the right to object. If you objected, you can also request deletion. Your personal data is processed unlawfully. Compliance with personal data protection principles is our highest priority. However, if you believe that we process your personal data unlawfully, you can always request removal of such data, indicating which provisions we have violated, or how our processing of your personal data is unlawful. This will be key information for us, enabling us to correct any errors in the future.
The right to limit data processing
You have the right to request the restriction of the processing of your personal data. If you make such a request, we will not be able to perform any actions on your personal data, except for their storage. You can request a restriction on processing in the following cases:
when you question the accuracy of your personal data - then we will limit their processing for the time necessary to verify the correctness of your data.
when the processing of your data is unlawful - and you instead of deleting the data request to limit their processing.
when your personal data is no longer necessary for the purposes for which we collected or used it, but you need it to establish, assert or defend claims;
when you objected to the use of your data based on our legitimate interest - then the restriction occurs for the time needed to consider whether, due to your particular situation, the protection of your interests, rights and freedoms outweighs the interests that we pursue by processing your personal data .
Right to data portability
You have the right to receive from us your personal data that you have provided to us and which we process in IT systems and then send it to another personal data administrator of your choice. You also have the right to request that personal data be sent by us directly to such other administrator, if it is technically possible. We will send your personal data in the form of a file saved in one of the commonly used formats, machine-readable, among others csv or xml . The use of such a format should enable sending data to another personal data administrator.
The right to object to the use of data
You have the right to object at any time to the use of your personal data for the purposes of direct marketing of our products and services. The objection does not result in the deletion of data, but only the cessation of their use by us for marketing purposes. You can also object to the processing of personal data based on our legitimate interest at any time - for reasons related to your particular situation . Opposition in this respect should contain justification.
The right not to be subject to decisions based solely on automated processing
You also have the right not to be subject to a decision that is based solely on automated processing, including profiling, and that has legal effects on you or similarly significantly affects you. The legal effects referred to above should be understood as the creation, change or termination of a legal relationship, e.g. a contract. Therefore, such profiling may be e.g. granting or refusing a loan, applying increased security measures, automatic disconnection of a telephone number due to failure to pay the telephone bill on time, etc. We would like to inform you that regarding your personal data, we do not make decisions based on only on automated processing, including profiling, so we see no reason to make this request. However, if you disagree with us, you can always make a request.
At what time will we meet your request
If you make one of the above requests to us by contacting us by phone or to the e-mail address indicated below, we will inform you about the fulfillment or refusal to comply with the request immediately, but not later than within one month of receiving the request. If it turns out that due to the complex nature of your request or the number of requests, we will not be able to comply with your request within a month, we will comply with it within the next two months informing you in advance of the intended extension.
In what situations do we process your personal data
EMAIL AND TRADITIONAL CORRESPONDENCE
In the case of sending correspondence to us, via e-mail or traditional correspondence, the personal data contained in this correspondence are processed by us for the purpose of communication and resolution of the matter to which correspondence relates. We process this data due to the fact that you have sent us this type of correspondence, and we want to provide you with an appropriate response - on the basis of our legitimate interest. We only process data that is relevant to us from the point of view of the case to which the correspondence relates. All correspondence is stored in a manner that ensures the security of personal data contained therein (and other information) and disclosed only to authorized persons. The data will be stored maximally until the expiry of the limitation period for claims - i.e. 6 years for natural persons.
CONTACT FORM ON THE WEBSITE
If you use the contact form on our website you will be asked to provide certain data, in particular such as e-mail address or reason for contact. We would like to inform you that the data we collect will be used to answer your question (notification) that has been received by us via the contact form - based on our legally justified purpose. The report may relate to any topic you are interested in (e.g. hours of our work). Remember that you provide data voluntarily, but failure to provide specific data may result in the inability to send a notification or provide the answer you expect. We will process the data provided by you for the period resulting from the relevant provisions of law (e.g. until the expiry of any claims).
When you visit, we register your image using surveillance cameras. This is because we strive to ensure the safety of you and our employees and other guests visiting us, as well as to protect them and our property (our legitimate interest). We would like to assure you that video monitoring does not cover places where it would violate your privacy. The monitoring only records the image, without recording the sound. Data from video monitoring are not subject to any profiling, and are not subjected to any analyzes, including for marketing purposes. Access to the recordings is only available to a group of our trusted employees and possibly specialized security agencies. The storage time of recordings, unless there has been an incident related to the violation of security of persons and property, is a maximum of 3 months, after this period the recordings are irretrievably overwritten. Recordings from the Monitoring may in legally justified circumstances be made available to relevant state authorities. Remember that the places where video monitoring is carried out are marked with appropriate graphic signs.
At the beginning we would like to point out that in the case in which you contact us we can record your conversation. If the conversation is going to be recorded, you will be notified before it starts. We use call recordings to accurately describe your request, improve the quality of our services and support, as well as for evidentiary purposes - based on our legitimate interests. If you do not want to be recorded with us, we invite you to use other forms of contact, such as contact form, e-mail or personal visit.
Any person contacting us by phone who wants to get some information about personal data, e.g. by asking for details of the contract, will be asked to provide certain personal data before providing any information. This is necessary to verify her identity. It is necessary for us, before providing any information that is in our understanding personal data, to make sure that we provide information to an authorized person. Without such verification, due to e.g. your failure to provide specific data, you will not be able to provide you with the expected information by phone.
In addition, in a situation where you contact us, we may ask you to provide certain information that will be necessary to settle the matter with which you are contacting us - e.g. reporting a delivery address or providing an account to which we will refund or pay financial resources . The data you provide will be used only for the purpose for which you contact us and we will store it for the period resulting from the relevant provisions of law (e.g. until the expiration of any claims). We will process your data to meet the obligations arising from the contract or applicable law or for our other legitimate purposes (e.g. answering a question).
For the best functioning of our website, we may collect data obtained while browsing it, such as: (i) information about the device you are using, (ii) applications used for browsing, (iii) how to use the website, (iv) location as well as (v) information contained in " cookies ". Files Cookies are small pieces of information sent by a web server and stored on your computer or other mobile device during your use of our website. These files are used, among others using the various functions provided on the website or confirming that you have seen certain content.
Google Analytics (more information at policies.google.com/ privacy , browser add-on blocking Google Analytics - tools.google.com), Facebook (more information at: en-facebook.com/ privacy / explanation ), Google Marketing Platform (more information at policies.google.com/ privacy ).
- Microsoft Edge
- Internet Explorer
- Mozilla Firefox
APPLYING FOR WORK
If you want to apply to us from work, we will ask you for some information about yourself. This information may include both those indicated in the Labor Code, i.e. first name (names) and surname, parents' names, date of birth, place of residence (correspondence address), education, course of employment, as well as other data, including contact details that will be necessary for us to be able to assess your candidacy and possibly contact you. Your voluntary decision is whether you provide us with your personal data or not, however, remember that failure to provide specific data will result in the inability to participate in the recruitment process. The data provided by you will be processed for the above purposes in connection with the fact that you take steps to conclude an employment contract with us (sending a CV) and because of our legitimate interest. We will process data for the period resulting from the provisions of the Labor Code. In addition, you can consent to the processing of your personal data for future recruitments. You can withdraw your consent at any time, however, withdrawal of consent does not affect the lawfulness of the processing that took place until its withdrawal. If you agree to our processing of your personal data also in future recruitments, we will be entitled to contact you in the event that your candidacy meets the requirements of us when we are looking for a new employee. We will keep your data processed by us on the basis of your consent until you withdraw your objection or deletion of your data.
DELIVERY OF GOODS AND SERVICES
If you are an entrepreneur and you intend to become or are our contractor, we will also ask you to provide certain data, in particular your name, surname, company name, tax identification number, REGON number and the address or registered office of your business. The data may also include contact details of employees who will perform the contract concluded with us on your behalf. We collect data in commercial inches and we do it on the basis of the premise for the implementation of the contract, which also applies to the actions taken by us at your request, before its conclusion (e.g. sending us an offer of cooperation) and to implement our and your legitimate interest, consisting in enabling the correct and effective performance of the contract. You provide data voluntarily, however, failure to provide such data may result in the inability to conclude a specific contract with you. The data will be processed for the duration of the contract that binds us together, and when it expires przsez period resulting from the relevant laws, including the Civil Code (limitation of claims) and the Accounting Act (the storage of invoices).
Collection of data in connection with the provision of services or other contracts by us
If we collect data for purposes related to the performance of a specific contract, we undertake to provide you with detailed information regarding the processing of your personal data at the time of concluding the contract or at the time of obtaining personal data if the processing is necessary for the Administrator to take action on data subject's request before concluding the contract.
Data collection in other cases
In connection with our business, we may collect your personal data also in other cases - e.g. by building and using lasting mutual business contacts ( networking ) during business meetings, at industry events. In this case, the legal basis for processing is the Administrator's legitimate interest (Article 6 (1) (f) of the GDPR), consisting in creating a network of contacts in connection with the business. Personal data collected in such cases are processed only for the purpose for which they were collected, and the Administrator provides them with adequate protection.
In the event that you have additional questions, reservations or doubts about the way we process your personal data, you can always send an email with an appropriate question to firstname.lastname@example.org, or you can contact us by phone at 721745237. All inquiries received from you will be considered immediately.
Remember that you can always lodge a complaint with the supervisory body, which is the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw.